From: Chris Johnson
To: Tim Zingelman
Cc: "Philip J. Koenig", security@FreeBSD.ORG
Date: Fri, 4 Jan 2002 22:16:38 -0500
Subject: Re: Security advisory SA-02:04 typo?
Message-ID: <20020104221638.A35194@palomine.net>

On Fri, Jan 04, 2002 at 09:07:30PM -0600, Tim Zingelman wrote:
> On Fri, 4 Jan 2002, Philip J. Koenig wrote:
>
> > > Category: ports
> > > Module: mutt
> > > Announced: 2002-01-04
> > > Credits: Joost Pol
> > > Affects: Ports collection prior to the correction date
> > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x)
> > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x)
> > > FreeBSD only: NO
> > >
> > > I. Background
> > >
> > > Mutt is a small but very powerful text-based mail client for Unix
> > > operating systems.
> > >
> > > II. Problem Description
> > >
> > > The mutt ports, versions prior to mutt-1.2.25_1 and
> > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of
> > > email addresses in headers.
> > >
>
> > Shall I assume the "1.2.25_1" string above is a typo? Is it really
> > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to
> > be pretty old at this point.
>
> This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating
> that the 1.2.25 port has been updated once (to repair the security issue).
> This port patches the 1.2.25 source tarball rather than using the 1.2.25.1
> source tarball. Note: 1.2.25 != 1.2.5.

It *is* a typo.

Chris Johnson